php - SESSION 没有得到 SET PHP

Question

我有问题伙计们。当我登录时，它做得很好。它说您以 $username = admin ... 身份登录，但是当我刷新登录页面时，它不再这么说了。它给了我登录名和密码字段，所以我可以重新登录。我猜会话没有设置，但我似乎找不到问题。它甚至说我的密码不正确，但仍然让我以管理员身份登录，这是我的用户名谢谢

<?php

session_start();
include("connect.php");

if ($_POST['submit']){

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    if($username){

        if($password){

            $password =     md5(md5("KmsdufIFNKSnefndbdo19228330293".$password."JSDSHBFJS8S8ds8sd8s8d"));
            $query = mysql_query("SELECT * FROM user WHERE      username='$username'");             
            $num_rows = mysql_num_rows($query);

            if ($num_rows == 1){

                $row = mysql_fetch_assoc($query);
                $db_username = $row['username'];
                $db_password = $row['password'];

                if ($password == $db_password){

                    $username =$_SESSION['username'];

                }else
                    echo "Your password is incorrect";

            }else{

                echo "Username not Found";

            }

        }

    }else
        echo "Futeni emrin e llogarise.";
}
?>
 <html>
 <head>

 </head>

<body>

<?php

if ($username){

    echo "You are logged in as, ".$username."!. <a href='logout.php'>LogOut</a> ";

}else{

    echo "

    <form action='login.php' method='post'>

        Username: <input type='text' name='username' id='user'/>
        <br/>
        Password: <input type='password' name='password' id='pass'/>
        <br/>
        <input type='submit' name='submit' value='Submit'/>

    </form>

    ";
}
?>
   </body>
 </html>

Answer 1

$username 的值是在里面设置的，if ($_POST['submit']){所以当你刷新登录页面时，它不再这么说了。你应该设置$username为会话

<?php

session_start();
include("connect.php");

if ($_POST['submit']){

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    if($username){

        if($password){

            $password =     md5(md5("KmsdufIFNKSnefndbdo19228330293".$password."JSDSHBFJS8S8ds8sd8s8d"));
            $query = mysql_query("SELECT * FROM user WHERE      username='$username'");             
            $num_rows = mysql_num_rows($query);

            if ($num_rows == 1){

                $row = mysql_fetch_assoc($query);
                $db_username = $row['username'];
                $db_password = $row['password'];

                if ($password == $db_password){

                   $_SESSION['username']= $username;

                }else
                    echo "Your password is incorrect";

            }else{

                echo "Username not Found";

            }

        }

    }else
        echo "Futeni emrin e llogarise.";
}
?>
 <html>
 <head>

 </head>

<body>

<?php

if ( isset($_SESSION['username']) && $_SESSION['username'] != '' ){

   $username = $_SESSION['username'];
    echo "You are logged in as, ".$username."!. <a href='logout.php'>LogOut</a> ";

}else{

    echo "

    <form action='login.php' method='post'>

        Username: <input type='text' name='username' id='user'/>
        <br/>
        Password: <input type='password' name='password' id='pass'/>
        <br/>
        <input type='submit' name='submit' value='Submit'/>

    </form>

    ";
}
?>
   </body>
 </html>

Answer 2

首先你必须设置username成session变量

if ($password == $db_password){

   $username =      mysql_real_escape_string($_SESSION['username']);
   $_SESSION['username'] = $username;

} else {
   echo "Your password is incorrect";
}

如果if您需要更改以下代码

$username = isset($_SESSION['username']) ? $_SESSION['username'] : null;
if ($username){

    echo "You are logged in as, ".$username."!. <a href='logout.php'>LogOut</a> ";

}else{

   /* your code */
}

Answer 3

你正在设置另一种方式。尝试

if ($password == $db_password){

                    $_SESSION['username'] =  $username;

}

然后

if (isset($_SESSION['username']))
{
  echo "You are logged in as, $_SESSION['username']!. <a href='logout.php'>LogOut</a>";
}

PS 开始使用准备好的语句（mysqli 或 pdo）并避免 mysql 扩展。